Description of problem:
SEP cpu flag is disabled on Intel 64 bit when exec_shield is set (which is the default)
Version-Release number of selected component (if applicable):
2.6.32-251.el6.x86_64
How reproducible:
check cpuinfo after install of RHEL6 64 bit.
Steps to Reproduce:
1. Check exec_shield is set. cat /proc/sys/kernel/exec-shield returns 1.
2. cat /proc/cpuinfo
Actual results:
sep is not set
Expected results:
sep should be set
Additional info:
this looks like a problem with the exec_shield code in arch/x86/kernel/cpu/common.c :
    if (exec_shield != 0) {
    #ifdef CONFIG_X86_PAE
        if (!test_cpu_cap(c, X86_FEATURE_NX))
    #endif
            clear_cpu_cap(c, X86_FEATURE_SEP);
    }
CONFIG_X86_PAE is not set for 64 bit so we clear SEP.
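
The preprocessor effect described above, as an added example that is not part of the original report or the kernel source: the quoted snippet is compiled once with CONFIG_X86_PAE defined and once without. The capability bit values, the struct, the helper functions and the two wrapper function names are toy stand-ins (assumptions), not the kernel's own.

```c
#include <stdio.h>

/* Toy stand-ins for the kernel's capability bits and helpers (constructed values). */
enum { X86_FEATURE_SEP = 1u << 0, X86_FEATURE_NX = 1u << 1 };
struct cpu { unsigned caps; };
static int  test_cpu_cap(const struct cpu *c, unsigned f) { return (c->caps & f) != 0; }
static void clear_cpu_cap(struct cpu *c, unsigned f)      { c->caps &= ~f; }

static int exec_shield = 1;   /* the default, per the report */

/* Snippet as built for 32-bit PAE: the NX test guards the clear. */
#define CONFIG_X86_PAE 1
static unsigned caps_after_pae_build(unsigned caps)
{
    struct cpu cpu = { caps }, *c = &cpu;
    if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
        if (!test_cpu_cap(c, X86_FEATURE_NX))
#endif
            clear_cpu_cap(c, X86_FEATURE_SEP);
    }
    return c->caps;
}
#undef CONFIG_X86_PAE

/* Same snippet as built for x86_64: the #ifdef drops the NX test,
 * so the clear runs whenever exec_shield is non-zero. */
static unsigned caps_after_64bit_build(unsigned caps)
{
    struct cpu cpu = { caps }, *c = &cpu;
    if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
        if (!test_cpu_cap(c, X86_FEATURE_NX))
#endif
            clear_cpu_cap(c, X86_FEATURE_SEP);
    }
    return c->caps;
}

int main(void)
{
    unsigned caps = X86_FEATURE_SEP | X86_FEATURE_NX;   /* CPU with both features */
    printf("PAE build:    sep=%d\n", (caps_after_pae_build(caps) & X86_FEATURE_SEP) != 0);
    printf("x86_64 build: sep=%d\n", (caps_after_64bit_build(caps) & X86_FEATURE_SEP) != 0);
    return 0;
}
```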

What is really the effect of the bug? The kernel only uses X86_FEATURE_SEP in 32-bit mode.
In 64-bit mode, sysenter/sysexit are assumed to be present on all Intel CPUs.
arch/x86/kernel/cpu/intel.c:
    #ifdef CONFIG_X86_64
        set_cpu_cap(c, X86_FEATURE_SYSENTER32);
    #endif
arch/x86/vdso/vdso32-setup.c:
    #ifdef CONFIG_X86_64
    #define vdso32_sysenter() (boot_cpu_has(X86_FEATURE_SYSENTER32))
    #define vdso32_syscall() (boot_cpu_has(X86_FEATURE_SYSCALL32))
    ...
    #else /* CONFIG_X86_32 */
    #define vdso32_sysenter() (boot_cpu_has(X86_FEATURE_SEP))
    #define vdso32_syscall() (0)
    #endif
I suppose this only affects virtualization of 32-bit guests with -cpu host, where the guest would have to fall back to int $0x80?

Sorry, but I don't understand what the problem is here.
In RHEL5 we have:
----------------------------------------------------------------
    if (exec_shield != 0) {
    #ifdef CONFIG_HIGHMEM64G /* NX implies PAE */
        if (!test_bit(X86_FEATURE_NX, c->x86_capability))
    #endif
            clear_bit(X86_FEATURE_SEP, c->x86_capability);
    }
----------------------------------------------------------------
In RHEL6 we have:
----------------------------------------------------------------
    if (exec_shield != 0) {
    #ifdef CONFIG_X86_PAE
        if (!test_cpu_cap(c, X86_FEATURE_NX))
    #endif
            clear_cpu_cap(c, X86_FEATURE_SEP);
    }
----------------------------------------------------------------
In RHEL5 CONFIG_HIGHMEM64G is set in x86 only and in RHEL6 CONFIG_X86_PAE is set in x86 only. So the functionality should be the same for x86 & x86_64 in both cases, no?
Larry

> In RHEL5 CONFIG_HIGHMEM64G is set in x86 only and in RHEL6 CONFIG_X86_PAE is
> set in x86 only. So the functionality should be the same for x86 & x86_64 in
> both cases, no?
The snippet you quoted for RHEL5 is not compiled for x86_64, only i386. See comment 2.

So the whole RHEL6 snippet should be this, so we only do this for x86?
----------------------------------------------------------------
    #ifdef CONFIG_X86_PAE
    if (exec_shield != 0) {
        if (!test_cpu_cap(c, X86_FEATURE_NX))
            clear_cpu_cap(c, X86_FEATURE_SEP);
    }
    #endif
----------------------------------------------------------------
Larry

This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release. Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHSA-2013-0496.html
